#!/bin/bash


echo "" > /etc/hostname

hostname 

cat > /etc/hosts << EOF
127.0.0.1   snapshot-ipv4-dhcp-el7  localhost localhost.localdomain
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF







echo "Updating system time"
        systemctl enable --now chronyd
    /usr/bin/chronyc -a makestep
  [ -f /usr/sbin/hwclock ] && /usr/sbin/hwclock --systohc


rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

# registration_type = 'subscription_manager'
  
  echo "##############################################################"
  echo "################# SUBSCRIPTION MANAGER #######################"
  echo "##############################################################"
  echo
  echo "Starting the subscription-manager registration process"

  # Set up subscription-manager
  # Select package manager for the OS (sets the $PKG_MANAGER* variables)
if [ -z "$PKG_MANAGER" ]; then
  if [ -f /etc/os-release ] ; then
    . /etc/os-release
  fi
  
  if [ "${NAME%.*}" = 'FreeBSD' ]; then
    PKG_MANAGER='pkg'
    PKG_MANAGER_INSTALL="${PKG_MANAGER} install -y"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} delete -y"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} install -y"
  elif [ -f /etc/fedora-release -o -f /etc/redhat-release -o -f /etc/amazon-linux-release -o -f /etc/system-release ]; then
    PKG_MANAGER='dnf'
    if [ -f /etc/redhat-release -a "${VERSION_ID%.*}" -le 7 ]; then
      PKG_MANAGER='yum'
    elif [ -f /etc/system-release ]; then
      PKG_MANAGER='yum'
    fi
    PKG_MANAGER_INSTALL="${PKG_MANAGER} install -y"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} remove -y"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} upgrade -y"
  elif [ -f /etc/debian_version ]; then
    PKG_MANAGER='apt-get'
    PKG_MANAGER_INSTALL="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' install -y"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' remove -y"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' -o APT::Get::Upgrade-Allow-New='true' upgrade -y"
  elif [ -f /etc/arch-release ]; then
    PKG_MANAGER='pacman'
    PKG_MANAGER_INSTALL="${PKG_MANAGER} --noconfirm -S"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} --noconfirm -R"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} --noconfirm -S"
  elif [ x$ID = xopensuse-tumbleweed -o x$ID = xsles ]; then
    PKG_MANAGER='zypper'
    PKG_MANAGER_INSTALL="${PKG_MANAGER} --non-interactive install --auto-agree-with-licenses"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} --non-interactive remove"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} --non-interactive update"
  fi
fi

# Define the path to rhsm.conf
RHSM_CFG=/etc/rhsm/rhsm.conf



# Prepare subscription-manager
if ! [ -x "$(command -v subscription-manager)" ] ; then
  $PKG_MANAGER_INSTALL subscription-manager
else
  echo "subscription-manager is already installed!"
  
fi

# Check if rhsm.conf exists
if ! [ -f $RHSM_CFG ] ; then
  echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
    exit 1
fi


# Configure subscription-manager
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
subscription-manager config \
  --server.hostname="subscription.rhsm.redhat.com" \
  --server.port="443" \
  --server.prefix="/subscription" \
  --rhsm.repo_ca_cert="/etc/rhsm/ca/redhat-uep.pem" \
  --rhsm.baseurl="https://cdn.redhat.com" \
  --rhsm.manage_repos=1

# Older versions of subscription manager may not recognize
# report_package_profile and package_profile_on_trans options.
# So set them separately and redirect out & error to /dev/null
# to fail silently.
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true

# Configuration for EL6
if grep --quiet full_refresh_on_yum $RHSM_CFG; then
  sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
else
  full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
  sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
fi

# Restart yggdrasild if installed and running
systemctl try-restart yggdrasil >/dev/null 2>&1 || true
    # Avoid timeout accessing unreachable repo on air gapped infrastructure,
    #  assuming subscription-manager-syspurpose is installed in custom packages section.
    if ! rpm --query --quiet subscription-manager-syspurpose ; then
      $PKG_MANAGER_INSTALL subscription-manager-syspurpose
    fi

    if [ -f /usr/sbin/syspurpose ]; then
        syspurpose set-role "Red Hat Enterprise Linux Server"
        syspurpose set-usage "Development/Test"
        syspurpose set-sla "Self-Support"
    else
      echo "Syspurpose CLI not found."
    fi
  
  
      subscription-manager register --name="snapshot-ipv4-dhcp-el7" --org='Org' --activationkey='key'
  
  
  
    subscription-manager refresh  --force
  
    subscription-manager status
  
  
  
  
  


freeipa_client=ipa-client
/usr/sbin/sshd-keygen

yum install -y libsss_sudo $freeipa_client

##
## IPA Client Installation
##


freeipa_mkhomedir="--mkhomedir"



# One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
/usr/sbin/ipa-client-install -w '$HOST[OTP]' --realm=freeipa.example.com -U $freeipa_mkhomedir $freeipa_opts $freeipa_server $freeipa_domain $freeipa_ssh

##
## Automounter
##



##
## Sudoers
##



freeipa_client_version=$(ipa-client-install --version)
freeipa_client_version_major=$(echo $freeipa_client_version | cut -f1 -d.)
freeipa_client_version_minor=$(echo $freeipa_client_version | cut -f2 -d.)
freeipa_realm=$(grep default_realm /etc/krb5.conf | cut -d"=" -f2 | tr -d ' ')
freeipa_domain=$(grep -A 2 domain_realm /etc/krb5.conf | tail -n1 | awk '{print $1}')
freeipa_dn=$(for word in $(echo $freeipa_domain | sed 's/\./ /g'); do echo -n dc=$word,; done)
sssd_version=$(sssd --version)
sssd_major=$(echo $sssd_version | cut -f1 -d.)
sssd_minor=$(echo $sssd_version | cut -f2 -d.)
LDAP_CONFIG=$(mktemp)

# >=ipa-client-4.1.0 automatically configures sssd for sudo
# =<ipa-client-3 requires manual configuration which this snippet takes care of

if [ $freeipa_client_version_major -lt 4 ]
then
  # Modify sssd.conf
  sed -i -e "s/services = .*/\0, sudo/" /etc/sssd/sssd.conf

  # Modify sssd.conf for sssd <1.11 (RHEL <6.6)
  if [ $sssd_minor -lt 11 ] || [ $sssd_major -lt 1 ]
  then
        krb5_server="_srv_"
    
cat <<EOF > $LDAP_CONFIG
sudo_provider = ldap
ldap_uri = _srv_ $ldap_uri
ldap_sudo_search_base = ou=SUDOers,${freeipa_dn%?}
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/$HOSTNAME
ldap_sasl_realm = $freeipa_realm
krb5_server = $krb5_server
EOF
  sed -i -e "/\[domain\/.*\]/ r $LDAP_CONFIG" /etc/sssd/sssd.conf
  fi

  # Modify nsswitch.conf
  grep -q sudoers /etc/nsswitch.conf
  if [[ $? -eq 0 ]];
  then
    sed -i -e "s/^sudoers.*/sudoers:    files sss/" /etc/nsswitch.conf
  else
    echo "sudoers:    files sss" >> /etc/nsswitch.conf
  fi

  # Configure nisdomain
      authconfig --nisdomain ${freeipa_domain} --update
    chkconfig sssd on

    if [[ $(rpm -qa systemd | wc -l) -gt 0 ]];
    then
      domain_service=/usr/lib/systemd/system/*-domainname.service

      # Workaround for BZ1071969 on RHEL 7.0
      grep -q "DefaultDependencies=no" $domain_service
      if [[ $? -ne 0 ]]
      then
        sed -i -e "s/\[Unit\]/\[Unit\]\nDefaultDependencies=no/" $domain_service
      fi

      systemctl start $(basename $domain_service)
      systemctl enable $(basename $domain_service)
    fi
  fi




# update all the base packages from the updates repository
if [ -f /usr/bin/dnf ]; then
  dnf -y update
else
  yum -t -y update
fi


# Select package manager for the OS (sets the $PKG_MANAGER* variables)
if [ -z "$PKG_MANAGER" ]; then
  if [ -f /etc/os-release ] ; then
    . /etc/os-release
  fi
  
  if [ "${NAME%.*}" = 'FreeBSD' ]; then
    PKG_MANAGER='pkg'
    PKG_MANAGER_INSTALL="${PKG_MANAGER} install -y"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} delete -y"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} install -y"
  elif [ -f /etc/fedora-release -o -f /etc/redhat-release -o -f /etc/amazon-linux-release -o -f /etc/system-release ]; then
    PKG_MANAGER='dnf'
    if [ -f /etc/redhat-release -a "${VERSION_ID%.*}" -le 7 ]; then
      PKG_MANAGER='yum'
    elif [ -f /etc/system-release ]; then
      PKG_MANAGER='yum'
    fi
    PKG_MANAGER_INSTALL="${PKG_MANAGER} install -y"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} remove -y"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} upgrade -y"
  elif [ -f /etc/debian_version ]; then
    PKG_MANAGER='apt-get'
    PKG_MANAGER_INSTALL="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' install -y"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' remove -y"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} -o 'Dpkg::Options::=--force-confdef' -o 'Dpkg::Options::=--force-confold' -o APT::Get::Upgrade-Allow-New='true' upgrade -y"
  elif [ -f /etc/arch-release ]; then
    PKG_MANAGER='pacman'
    PKG_MANAGER_INSTALL="${PKG_MANAGER} --noconfirm -S"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} --noconfirm -R"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} --noconfirm -S"
  elif [ x$ID = xopensuse-tumbleweed -o x$ID = xsles ]; then
    PKG_MANAGER='zypper'
    PKG_MANAGER_INSTALL="${PKG_MANAGER} --non-interactive install --auto-agree-with-licenses"
    PKG_MANAGER_REMOVE="${PKG_MANAGER} --non-interactive remove"
    PKG_MANAGER_UPGRADE="${PKG_MANAGER} --non-interactive update"
  fi
fi



echo "blacklist amodule" >> /etc/modprobe.d/blacklist.conf




if [ -f /usr/bin/dnf ]; then
  dnf -y install puppet
else
  yum -t -y install puppet
fi

cat > /etc/puppet/puppet.conf << EOF
[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = \$vardir/ssl

[agent]
pluginsync      = true
report          = true
certname        = snapshot-ipv4-dhcp-el7

EOF


puppet_unit=puppet
/usr/bin/systemctl list-unit-files | grep -q puppetagent && puppet_unit=puppetagent
/usr/bin/systemctl enable ${puppet_unit}

# export a custom fact called 'is_installer' to allow detection of the installer environment in Puppet modules
export FACTER_is_installer=true
# passing a non-existent tag like "no_such_tag" to the puppet agent only initializes the node
# You can select specific tag(s) with the "run-puppet-in-installer-tags" parameter
# or set a full puppet run by setting "run-puppet-in-installer" = true
echo "Performing initial puppet run for --tags no_such_tag"
/usr/bin/puppet agent --config /etc/puppet/puppet.conf --onetime --tags no_such_tag  --no-daemonize



    cat << EOF-d592f4ed > /tmp/ansible_provisioning_call.sh
#!/bin/sh

echo "Calling Ansible AWX/Tower provisioning callback..."
/usr/bin/curl -v -k -s --data "host_config_key=" https://host.example.com/api/controller/v2/job_templates/20/callback/
echo "DONE"
EOF-d592f4ed
    /bin/sh /tmp/ansible_provisioning_call.sh

# UserData still needs to mark the build as finished
if [ -x /usr/bin/curl ]; then
  /usr/bin/curl -o /dev/null -H 'Content-Type: text/plain' --fail --noproxy \* --silent 'http://foreman.example.com/unattended/built'
elif [ -x /usr/bin/wget ]; then
  /usr/bin/wget -q -O /dev/null --method POST --header 'Content-Type: text/plain' --no-proxy 'http://foreman.example.com/unattended/built'
else
  wget -q -O /dev/null --header 'Content-Type: text/plain' 'http://foreman.example.com/unattended/built'
fi
FINAL_STATUS=$?

if [ -x "$(command -v subscription-manager)" ] ; then
  subscription-manager facts --update
  SUB_MAN_STATUS=$?

  if [ $FINAL_STATUS -eq 0 ]; then
    FINAL_STATUS=$SUB_MAN_STATUS
  fi
fi

(exit $FINAL_STATUS);

